From d5c034b4e90d3fba74e5b0a879d8af424023d7b1 Mon Sep 17 00:00:00 2001
From: Tom Clegg <tom@curii.com>
Date: Tue, 22 Dec 2020 10:03:30 -0500
Subject: [PATCH] 16360: Don't bypass autofillConfig in production mode.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
---
 lib/boot/supervisor.go | 79 +++++++++++++++++++++---------------------
 1 file changed, 39 insertions(+), 40 deletions(-)

diff --git a/lib/boot/supervisor.go b/lib/boot/supervisor.go
index 417f09d23f..138c802e18 100644
--- a/lib/boot/supervisor.go
+++ b/lib/boot/supervisor.go
@@ -143,7 +143,6 @@ func (super *Supervisor) run(cfg *arvados.Config) error {
 		super.tempdir = "/var/lib/arvados/tmp"
 		super.wwwtempdir = "/var/lib/arvados/wwwtmp"
 		super.bindir = "/var/lib/arvados/bin"
-		super.configfile = "/etc/arvados/config.yml"
 	} else {
 		super.tempdir, err = ioutil.TempDir("", "arvados-server-boot-")
 		if err != nil {
@@ -155,28 +154,28 @@ func (super *Supervisor) run(cfg *arvados.Config) error {
 		if err := os.Mkdir(super.bindir, 0755); err != nil {
 			return err
 		}
+	}
 
-		// Fill in any missing config keys, and write the resulting
-		// config in the temp dir for child services to use.
-		err = super.autofillConfig(cfg)
-		if err != nil {
-			return err
-		}
-		conffile, err := os.OpenFile(filepath.Join(super.tempdir, "config.yml"), os.O_CREATE|os.O_WRONLY, 0644)
-		if err != nil {
-			return err
-		}
-		defer conffile.Close()
-		err = json.NewEncoder(conffile).Encode(cfg)
-		if err != nil {
-			return err
-		}
-		err = conffile.Close()
-		if err != nil {
-			return err
-		}
-		super.configfile = conffile.Name()
+	// Fill in any missing config keys, and write the resulting
+	// config in the temp dir for child services to use.
+	err = super.autofillConfig(cfg)
+	if err != nil {
+		return err
+	}
+	conffile, err := os.OpenFile(filepath.Join(super.tempdir, "config.yml"), os.O_CREATE|os.O_WRONLY, 0644)
+	if err != nil {
+		return err
+	}
+	defer conffile.Close()
+	err = json.NewEncoder(conffile).Encode(cfg)
+	if err != nil {
+		return err
 	}
+	err = conffile.Close()
+	if err != nil {
+		return err
+	}
+	super.configfile = conffile.Name()
 
 	super.environ = os.Environ()
 	super.cleanEnv([]string{"ARVADOS_"})
@@ -655,26 +654,26 @@ func (super *Supervisor) autofillConfig(cfg *arvados.Config) error {
 			}
 		}
 	}
-	if cluster.SystemRootToken == "" {
-		cluster.SystemRootToken = randomHexString(64)
-	}
-	if cluster.ManagementToken == "" {
-		cluster.ManagementToken = randomHexString(64)
-	}
-	if cluster.API.RailsSessionSecretToken == "" {
-		cluster.API.RailsSessionSecretToken = randomHexString(64)
-	}
-	if cluster.Collections.BlobSigningKey == "" {
-		cluster.Collections.BlobSigningKey = randomHexString(64)
-	}
-	if super.ClusterType != "production" && cluster.Containers.DispatchPrivateKey == "" {
-		buf, err := ioutil.ReadFile(filepath.Join(super.SourcePath, "lib", "dispatchcloud", "test", "sshkey_dispatch"))
-		if err != nil {
-			return err
-		}
-		cluster.Containers.DispatchPrivateKey = string(buf)
-	}
 	if super.ClusterType != "production" {
+		if cluster.SystemRootToken == "" {
+			cluster.SystemRootToken = randomHexString(64)
+		}
+		if cluster.ManagementToken == "" {
+			cluster.ManagementToken = randomHexString(64)
+		}
+		if cluster.API.RailsSessionSecretToken == "" {
+			cluster.API.RailsSessionSecretToken = randomHexString(64)
+		}
+		if cluster.Collections.BlobSigningKey == "" {
+			cluster.Collections.BlobSigningKey = randomHexString(64)
+		}
+		if cluster.Containers.DispatchPrivateKey == "" {
+			buf, err := ioutil.ReadFile(filepath.Join(super.SourcePath, "lib", "dispatchcloud", "test", "sshkey_dispatch"))
+			if err != nil {
+				return err
+			}
+			cluster.Containers.DispatchPrivateKey = string(buf)
+		}
 		cluster.TLS.Insecure = true
 	}
 	if super.ClusterType == "test" {
-- 
2.30.2